The wise advice and profound insights of Joe Sullivan, Uber's convicted CISO, following a cyber-incident are on full display in this interview. Every CISO, officer and director who will be subject to the SEC Cybersecurity Regulations in December 2023 should find these insights and advice from Joe useful.
The entire 40-minute interview is worth watching, but if you're short on time, advance to the 20-minute mark for the most direct advice and insights. It was the most insightful advice I've heard to help CISOs protect themselves from risk, especially now that the SEC Cybersecurity Regulations are in effect.
One key point occurs starting at the 30-minute mark: "any kind of 3rd party validation would have helped."
There were five lawsuits filed as of September 28 involving MGM and Caesars.
For those looking at cyber-insurance as a mitigating method to "transfer risk," be aware that insurers will also be requiring companies to comply with cybersecurity regulations, i.e. SEC regulations, in order to qualify for cyber-insurance: "The report also found that an increasing list of exclusions could make cyber insurance coverage void, including lack of security protocols in place, human error, acts of war, and not following proper compliance procedures."